76,723 research outputs found
Extraction of Insider Attack Scenarios from a Formal Information System Modeling
International audienceThe early detection of potential threats during the modelling phase of a Secure Information System is required because it favours the design of a robust access control policy and the prevention of malicious behaviours during the system execution. This paper deals with internal attacks which can be made by people inside the organization. Such at- tacks are difficult to find because insiders have authorized system access and also may be familiar with system policies and procedures. We are in- terested in finding attacks which conform to the access control policy, but lead to unwanted states. These attacks are favoured by policies involving authorization constraints, which grant or deny access depending on the evolution of the functional Information System state. In this context, we propose to model functional requirements and their Role Based Access Control (RBAC) policies using B machines and then to formally reason on both models. In order to extract insider attack scenarios from these B specifications our approach first investigates symbolic behaviours. The use of a model-checking tool allows to exhibit, from a symbolic behaviour, an observable concrete sequence of operations that can be followed by an attacker. In this paper, we show how this combination of symbolic execution and model-checking allows to find out such insider attack sce- narios
Automatic Generation of Minimal Cut Sets
A cut set is a collection of component failure modes that could lead to a
system failure. Cut Set Analysis (CSA) is applied to critical systems to
identify and rank system vulnerabilities at design time. Model checking tools
have been used to automate the generation of minimal cut sets but are generally
based on checking reachability of system failure states. This paper describes a
new approach to CSA using a Linear Temporal Logic (LTL) model checker called BT
Analyser that supports the generation of multiple counterexamples. The approach
enables a broader class of system failures to be analysed, by generalising from
failure state formulae to failure behaviours expressed in LTL. The traditional
approach to CSA using model checking requires the model or system failure to be
modified, usually by hand, to eliminate already-discovered cut sets, and the
model checker to be rerun, at each step. By contrast, the new approach works
incrementally and fully automatically, thereby removing the tedious and
error-prone manual process and resulting in significantly reduced computation
time. This in turn enables larger models to be checked. Two different
strategies for using BT Analyser for CSA are presented. There is generally no
single best strategy for model checking: their relative efficiency depends on
the model and property being analysed. Comparative results are given for the
A320 hydraulics case study in the Behavior Tree modelling language.Comment: In Proceedings ESSS 2015, arXiv:1506.0325
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Automated Mapping of UML Activity Diagrams to Formal Specifications for Supporting Containment Checking
Business analysts and domain experts are often sketching the behaviors of a
software system using high-level models that are technology- and
platform-independent. The developers will refine and enrich these high-level
models with technical details. As a consequence, the refined models can deviate
from the original models over time, especially when the two kinds of models
evolve independently. In this context, we focus on behavior models; that is, we
aim to ensure that the refined, low-level behavior models conform to the
corresponding high-level behavior models. Based on existing formal verification
techniques, we propose containment checking as a means to assess whether the
system's behaviors described by the low-level models satisfy what has been
specified in the high-level counterparts. One of the major obstacles is how to
lessen the burden of creating formal specifications of the behavior models as
well as consistency constraints, which is a tedious and error-prone task when
done manually. Our approach presented in this paper aims at alleviating the
aforementioned challenges by considering the behavior models as verification
inputs and devising automated mappings of behavior models onto formal
properties and descriptions that can be directly used by model checkers. We
discuss various challenges in our approach and show the applicability of our
approach in illustrative scenarios.Comment: In Proceedings FESCA 2014, arXiv:1404.043
- …